Consumer Privacy 'Bill of Rights' Seeks To Give Web Users More Control Over Their Data

The Obama administration on Thursday will unveil a consumer privacy "bill of rights" that aims to give web users more control over how their personal information is collected and used online.

The "bill of rights" will include seven principles to protect consumers' digital privacy, such as the right to opt out of having their personal data collected and the right to having easily understandable policies on company's privacy practices, Obama administration officials said on a conference call with reporters Wednesday.

The principles will include creating a setting on web browsers that allows Internet users to opt out of having their browsing habits monitored. The advertising industry also committed to not releasing consumers’ browsing data to companies that use it for purposes beyond advertising, such as employers making hiring decisions or insurers determining coverage, officials said.

“It’s great to see that companies are stepping up to our challenge to protect privacy so consumers have greater choice and control over how they are tracked online," Federal Trade Commission Chairman Jon Leibowitz said in a statement. "More needs to be done, but the work they have done so far is very encouraging."

In coming weeks, the Commerce Department will bring together companies, privacy advocates and other stakeholders to develop privacy policies based on principles outlined in the bill of rights, officials said. Though companies are not required to follow the principles, about 90 percent of companies involved in targeted online advertising have agreed to comply, Stu Ingis, general counsel for the Digital Advertising Alliance, a group of digital advertising trade organizations, told reporters on the conference call. Those companies could be subject to FTC enforcement for not adhering to the principles, officials said.

Officials said the bill of rights will serve as a blueprint for legislation in Congress to protect consumers' online privacy. Last year, at least two bills were introduced in support of a "Do Not Track" mechanism that would give web users control over online tracking, but did not pass.

Thursday's announcement comes as a growing number of privacy failings by tech companies have fueled concerns that consumers do not have control over how their personal information is being collected and shared.

"Silicon Valley has a privacy problem," said Jonathan Mayer, a graduate student at Stanford University who discovered Google was using a special computer code to monitor Safari web users. "It's very clear that companies have repeatedly fallen short in taking measures to protect users' information."

"For the moment, the M.O. in Silicon Valley is 'do as much as you can until somebody slaps your hand,'" Mayer said.

The FTC, which regulates the use of consumers’ data online, has become more aggressive in protecting that data. Last March, Google settled charges from the FTC that it used deceptive tactics and violated its own privacy promises to consumers when it launched its social network, Google Buzz, in 2010. Last November, Facebook agreed to settle FTC charges that it deceived consumers by telling them they could keep their information private on the social network, and then repeatedly allowed it to be shared and made public.

Google set off more privacy concerns last month when it announced in a blog post that it will revise its own privacy policies to track users across all of its products. This prompted consumer groups to file complaints with the FTC, arguing that Google was violating the commission's order as part of last year's settlement.

"The FTC takes compliance with our consent orders very seriously and always looks carefully at any evidence that they are being violated," an agency spokeswoman said in response to the complaints.

Web companies are required to issue statements to consumers about their privacy policies. But most privacy statements are so dense that consumers don't read them and there are no clear guidelines about what those privacy statements should say, said Ashkan Soltani, a noted privacy researcher. Many do not fully explain how companies use consumers' data, he said. It has often taken the work of independent researchers like Soltani, Mayer and others to shed light on how these companies are collecting, storing and distributing user information.

Soltani said that web companies are generating revenue by collecting user data and selling access to that information for third-party advertising. The public is mostly unaware of these practices, however, and web companies are getting into trouble because they are not asking users for permission, he said.

"They haven't used good manners," Soltani said. "They've decided to take it without asking."